HackDig : Dig high-quality web security articles for hacker

reader comments 53 Share this story Google Play, the official market for Android apps, was caught hosting a ransomware app that infected at least one real-world handset, security researchers said Tuesday.The ransomware was dubbed Charger and was hidden inside an app called EnergyRescue, according to a blog post published by security fi

reader comments 59 Share this story Shadow Brokers, the mysterious group that gained international renown when it published hundreds of advanced hacking tools belonging to the National Security Agency, says it's going dark. But before it does, it's lobbing a Molotov cocktail that's sure to further inflame the US intelligence community.

reader comments 62 Share this story More than 10,000 website databases have been taken hostage in recent days by attackers who are demanding hefty ransoms for the data to be restored, a security researcher said Friday.The affected data is created and stored by the open source MongoDB database application, according to researchers who h

Badware purveyors trying to capitalize on the ongoing Pokémon Go frenzy have achieved an important milestone by sneaking their fake wares into the official Google Play marketplace, security researchers said Friday.Researchers from antivirus provider Eset report finding at least three such apps in the Google-hosted marketplace. Of the three, the one titled "P

As if people didn't already have cause to distrust the security of Juniper products, the networking gear maker just disclosed a vulnerability that allowed attackers to eavesdrop on sensitive communications traveling through customers' virtual private networks.In an advisory posted Wednesday, Juniper officials said they just fixed a bug in the company's Junos

When we reviewed the Blackphone 2 last September, the company behind the privacy-focused smartphone was in transition. Silent Circle had moved to bring the Blackphone joint venture with the Madrid-based Geeksphone back under its umbrella, hired a telecom industry veteran as CEO, and was fine-tuning its marketing to go after an enterprise audience. The phone’

For more than two decades, Microsoft Windows has provided the means for clever attackers to surreptitiously install malware of their choice on computers that connect to booby-trapped printers, or other devices masquerading as printers, on a local area network. Microsoft finally addressed the bug on Tuesday during its monthly patch cycle.The vulnerability res

A report published by the House Committee on Science, Space and Technology today found that hackers purported to be from China had compromised computers at the Federal Deposit Insurance Corporation repeatedly between 2010 and 2013. Backdoor malware was installed on 12 workstations and 10 servers by attackers—including the workstations of the chairman, chief

A campaign that targeted a European energy company wielded malware that's so sneaky and advanced it almost certainly is the work of a wealthy nation, researchers said Tuesday.Further ReadingFirst known hacker-caused power outage signals troubling escalationHighly destructive malware creates "destructive events" at 3 Ukrainian substations.The malware contains

Over the past few months, a cluster of megabreaches has dumped account credentials for a mind-boggling 642 million accounts into the public domain, where they can then be used to compromise other accounts that are protected by the same password. Now, there's software that can streamline this vicious cycle by testing for reused passcodes on Facebook and other

Like many forms of encryption in use today, HTTPS protections are on the brink of a collapse that could bring down the world as we know it. Hanging in the balance are most encrypted communications sent over the last several decades. On Thursday, Google unveiled an experiment designed to head off, or at least lessen, the catastrophe.In the coming months, Goog

Security experts have documented a disturbing spike in a particularly virulent family of Android malware, with more than 10 million handsets infected and more than 286,000 of them in the US.Further ReadingNew type of auto-rooting Android adware is nearly impossible to remove20,000 samples found impersonating apps from Twitter, Facebook, and others.Researcher

News reports that Silent Circle, the commercial encrypted voice-over-IP service company that manufactures the security-focused Blackphone, had removed its "warrant canary" webpage have apparently created some confusion. Things only got fuzzier since the company counsel stated that the page’s removal was a “business decision” and not the result of a warrant b

After taking a hiatus, Mac malware is suddenly back, with three newly discovered strains that have access to Web cameras, password keychains, and pretty much every other resource on an infected machine.The first one, dubbed Eleanor by researchers at antivirus provider Bitdefender, is hidden inside EasyDoc Converter, a malicious app that is, or at least was,

Privacy advocates take note: Android's full-disk encryption just got dramatically easier to defeat on devices that use chips from semiconductor maker Qualcomm, thanks to new research that reveals several methods to extract crypto keys off of a locked handset. Those methods include publicly available attack code that works against an estimated 37 percent of e